The on-premises Exchange connector is specific to your Intune tenant and cannot be used with any other tenant. You should also make sure the Exchange connector for your tenant is installed on only one machine.

The connector can be installed on any machine as long as that machine is able to communicate with the Exchange server.

The connector supports the Exchange CAS environment. You can technically install the connector directly on the Exchange CAS server, but this is not recommended because it increases the load on the server. When configuring the connector, you must set it up to communicate with one of the Exchange CAS servers.

Exchange ActiveSync must be configured with certificate-based authentication or user credential entry.

When conditional access policies are configured and targeted to a user, the device they use must meet the following conditions before the user can connect to their email:

Either enrolled with Intune or a domain-joined PC.

Compliant with the device compliance policies deployed to that device.

If the device does not meet the conditional access settings, the user is presented with one of the following messages when they log in:

If the device is not enrolled with Intune, or is not registered in Azure Active Directory, a message is displayed with instructions about how to install the Company Portal app, enroll the device, and activate email. This process also associates the device's Exchange ActiveSync ID with the device record in Azure Active Directory.

If the device is not compliant, a message is displayed that directs the user to the Intune Company Portal website or the Company Portal app, where they can find information about the problem and how to remediate it.

Support for mobile devices

EAS mail clients on Android for Work devices: Only the Gmail and Nine Work apps in the work profile are supported on Android for Work devices. For conditional access to work with Android for Work, you must deploy an email profile for the Gmail or Nine Work app, and also deploy those apps as a required install.

If you have not configured the Exchange ActiveSync on-premises connector, this option is disabled. You must first install and configure this connector before enabling conditional access for Exchange on-premises. For more details, see Install the Intune On-premises Exchange Connector.

Under Assignment, choose Groups Included. Use the security user group that should have conditional access applied to it. This action requires the users to enroll their devices in Intune and be compliant with the compliance profiles.

If you want to exclude certain groups of users, choose Groups Excluded and select a user group that you want to be exempt from requiring device enrollment and compliance.

Under Settings, choose User notifications to modify the default email message. This message is sent to users if their device is not compliant and they want to access Exchange on-premises. The message template uses Markup language. You can also see a preview of how the message looks as you type.

Tip

To learn more about Markup language, see this Wikipedia article.

On the Advanced Exchange Active Sync access settings pane, set the global default rule for access from devices that are not managed by Intune, and the platform-level rules, as described in the next two steps.

For a device that is not affected by conditional access or other rules, you can choose to allow it to access Exchange, or block it.

When you set this to allow access, all devices are able to access Exchange on-premises immediately. Devices that belong to users in the Groups Included are blocked if they are subsequently evaluated as not compliant with the compliance policies or not enrolled in Intune.

When you set this to block access, all devices are initially blocked from accessing Exchange on-premises. Devices that belong to users in the Groups Included get access once the device is enrolled in Intune and is evaluated as compliant. Android devices that do not run Samsung Knox standard are always blocked, as they do not support this setting.

Under Device platform exceptions, choose Add to specify the platforms. If the unmanaged device access setting is set to blocked, devices that are enrolled and compliant are allowed even if there is a platform exception to block. Choose OK to save the settings.
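
The interplay of the global default rule, the included and excluded groups, and the platform exceptions described above can be modeled as a small decision function. This is an added example, not Microsoft's or Intune's code; the class and function names, the sample devices and groups, and the order in which the rules are checked are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    platform: str                  # "ios", "android", "windows"
    user_groups: frozenset         # groups the device's user belongs to
    enrolled: bool = False         # enrolled with Intune
    domain_joined: bool = False    # domain-joined PC
    compliant: bool = False
    knox_standard: bool = False    # Android only

@dataclass
class Policy:
    default_rule: str              # global default rule: "allow" or "block"
    included: frozenset            # Groups Included
    excluded: frozenset = frozenset()   # Groups Excluded
    platform_exceptions: dict = field(default_factory=dict)

def meets_requirements(d):
    # Page: enrolled with Intune or a domain-joined PC, and compliant.
    return (d.enrolled or d.domain_joined) and d.compliant

def evaluate(p, d):
    # Page: with the default set to block, Android without Knox Standard
    # is always blocked. Checking it first is this model's assumption.
    if p.default_rule == "block" and d.platform == "android" and not d.knox_standard:
        return "block"
    targeted = bool(d.user_groups & p.included) and not (d.user_groups & p.excluded)
    if targeted:
        # Enrolled, compliant devices pass even past a platform exception to block.
        return "allow" if meets_requirements(d) else "block"
    # Untargeted or excluded users: platform exception, else the global default.
    return p.platform_exceptions.get(d.platform, p.default_rule)

def unverified_access(p, fleet):
    """Devices that reach Exchange without being enrolled and compliant."""
    return sorted(d.name for d in fleet
                  if evaluate(p, d) == "allow" and not meets_requirements(d))

SALES, EXECS, TEMPS = frozenset({"sales"}), frozenset({"sales", "execs"}), frozenset({"temps"})
FLEET = [  # constructed sample devices
    Device("alice-iphone", "ios", SALES, enrolled=True, compliant=True),
    Device("alice-ipad", "ios", SALES),
    Device("bob-android", "android", TEMPS),
    Device("carol-iphone", "ios", EXECS),
    Device("dave-laptop", "windows", SALES, domain_joined=True, compliant=True),
]
```

With these constructed devices, a global default of allow leaves the untargeted and the excluded user's devices with mailbox access although neither is enrolled, which is the exposure to weigh when choosing the default rule and the excluded groups.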